Privacy Policy

Last updated: April 2026

1. What we collect

Account data: Email address and hashed password when you sign up.

Billing data: Stripe customer ID and subscription status. Full payment details (card numbers, etc.) are handled exclusively by Stripe and never touch our servers.

Journal data (optional): If cloud journal sync is enabled, trade records including symbol, quantity, entry/exit price, and P&L are synced to our servers. This feature can be disabled, in which case journal data stays on your machine.

2. What we do NOT collect

Broker credentials: Your Tradovate OAuth tokens and ProjectX API keys are encrypted and stored exclusively in your OS keychain (macOS Keychain or Windows Credential Manager). They are never transmitted to CopyContract's servers.

Order flow: Individual trade orders and fills are processed locally by the desktop app. We do not receive or store your live trading activity unless you explicitly enable cloud journal sync.

3. How we use your data

  • To provide, maintain, and improve the Service
  • To process billing and manage your subscription via Stripe
  • To send transactional emails (subscription reminders, receipts)
  • To respond to support requests

We do not sell your data to third parties.

4. Third-party services

We use the following third-party services:

  • Stripe — payment processing
  • Sentry — error reporting (credentials are redacted before transmission)

5. Data retention

Account data is retained while your account is active. If you cancel and do not reactivate within 30 days, we will delete your account data upon request. Journal data synced to our servers can be deleted at any time from your account settings.

6. Security

Passwords are hashed using bcrypt (cost factor 12). Data in transit is encrypted via TLS. We follow industry-standard practices for securing our infrastructure.

7. Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. For users in the EU/EEA, you have additional rights under GDPR.

8. Contact

Privacy questions: privacy@copycontract.com